CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31269 – WordPress Easy Google Maps plugin <= 1.11.11 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31269
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Easy Google Maps. Este problema afecta a Easy Google Maps: desde n/a hasta 1.11.11. The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.11.11. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/google-maps-easy/wordpress-easy-google-maps-plugin-1-11-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3156
https://notcve.org/view.php?id=CVE-2024-3156
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) La implementación inapropiada en V8 en Google Chrome anterior a 123.0.6312.105 permitió a un atacante remoto realizar potencialmente un acceso a la memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/329130358 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3158
https://notcve.org/view.php?id=CVE-2024-3158
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Bookmarks de Google Chrome anterior a 123.0.6312.105 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/329965696 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3159 – Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3159
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de los límites en V8 en Google Chrome anterior a 123.0.6312.105 permitía a un atacante remoto realizar lectura/escritura arbitraria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the enum cache in V8. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/330760873 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31116 – WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31116
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en 10Web 10Web Map Builder para Google Maps. Este problema afecta a 10Web Map Builder para Google Maps: desde n/a hasta 1.0.74. The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/wd-google-maps/wordpress-10web-map-builder-for-google-maps-plugin-1-0-74-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •